Cybersecurity

Facebook and Google Face Challenges to Their Right to Read Your Messages

The right of technology companies to read the personal communication of their users is set to get a good run in the courts this year. Earlier this week, two Facebook (FB) users filed a class-action lawsuit against the social network, claiming that it violates state and federal law by mining information from their private messages for advertising purposes.

Facebook isn’t the only Silicon Valley company facing heat on this issue. Google (GOOG) and Yahoo! (YHOO) each face separate lawsuits filed last year over their practice of scanning the content of e-mails. All three cases are proceeding in the federal district court for the Northern District of California, which covers Silicon Valley.

Confusion over what is private on Facebook has caused controversy for years. The lawsuit filed this week argues that the company is essentially lying to its users by describing certain messages as private, then scanning URLs contained in private messages and using them to build profiles about their Web activity. The complaint charges that this is a particularly pernicious form of snooping, because the things people reveal in private messages are exactly what they don’t want distributed widely.

As evidence, the complaint cites two studies by security researchers. One, conducted over the summer by Swiss security firm High-Tech Bridge, set up a series of secret URLs and sent them through private messages on 50 Web services. It found that Facebook, Google, and Twitter (TWTR) opened them. Many Web services scan links for spam, and Marsel Nizamutdinov, chief research officer at High-Tech Bridge, acknowledged that the firm couldn’t tell whether anything more was going on. An earlier study, conducted in 2012 by security researcher Ashkan Soltani, showed that when a URL was sent via private message, it registered as two “likes” on the external webpage if the page was coded to communicate with Facebook.

A spokesperson for Facebook said the lawsuit is without merit and said the company will defend itself but needs to examine the specific allegations before responding to them directly.

If it is collecting URLs from private messages, Facebook would hardly face a major crisis were it forced to stop. That would probably be a bigger issue for Google and for Yahoo. Not only is there little question as to whether those companies scan users’ communications for advertising purposes; doing so is a major reason they offer free e-mail.